If you've reviewed the workshop on building your own Hypersync using the SDK and played with the samples, you have learned how to create your own proof types. Your proof appears as an option when configuring Hypersyncs connected to controls or labels.
The latest Hypersync SDK supports creating an additional type of proof for 'User Access Reviews', or UAR.
An access review is a process where user access and permissions to applications used by an organization are reviewed and adjusted regularly, such as monthly, quarterly, or annually, to ensure that they are still appropriate. Access reviews are done to maintain good security practices and prevent unauthorized access to sensitive information and systems.
Two types of user lists, directory and application, are available for access reviews. The directory contains a list of all of your employees, and the application user list contains lists of users for the applications you are reviewing, such as Salesforce or Okta. You will notice that your custom Hypersync is not available when attempting to import user lists.
The video attached to this post walks you through the process of making your Hypersync available in the Access Review module.
Latest SDK template from the Hypersync SDK Samples repository: https://github.com/Hyperproof/hypersync-sdk-samples
Latest Hyperproof command line interface (CLI) tool: https://github.com/Hyperproof/hypersync-sdk/blob/main/doc/hyperproof-cli.md
Once you have the latest tools, there are 3 major steps to make your Hypersync and proof available for Access Reviews.
In the 'package.json' configuration file, we have to tell Hyperproof that this Hypersync is available to be used for Access Reviews by adding a new flag called 'schemaCategories'. The schemaCategories array is optional and only required for Hypersyncs that need to be accessible in the Access Review module. The values 'uarApplication' and 'uarDirectory' are optional and can be used alone or together.
Ex.
{
  "name": "custom-hypersync-app",
  "version": "1.0.0",
  "app_hyperproof": {
    "name": "My Custom Hypersync App",
    "appType": "hypersync",
    "authType": "custom",
    "category": "Identity Services",
    "descriptionCapabilities": "This integration extracts user and group information from The Target Service.",
    "debug": true,
    "staticIp": false,
    "schemaCategories": [
      "uarApplication", "uarDirectory"
    ]
  },
  ...
}
In your proofTypes.json file, indicate which proof types are for the UAR application. 'schemaCategory' is required if the Hypersync is to be used in the 'Access Reviews' module. Only one schemaCategory can be assigned per proof.
Ex.
{
  "$schema": "https://cdn.jsdelivr.net/gh/Hyperproof/hypersync-sdk/schema/proofProviders.schema.json",
  "groupMembershipList": {
    "label": "{{messages.PROOF_TYPE_MEMBERSHIP_LIST}}",
    "category": "users"
  },
  "userList": {
    "label": "{{messages.PROOF_TYPE_USER_LIST}}",
    "category": "users"
  },
  "deviceList": {
    "label": "{{messages.PROOF_TYPE_DEVICE_LIST}}",
    "category": "devices"
  },
  "listOfUsersApplication": {
    "label": "{{messages.PROOF_TYPE_USER_LIST}}",
    "schemaCategory": "uarApplication"
  }
}
Create the actual proof type. The proof is created the same way as a normal proof and referenced in your proofTypes.json, as noted in step 2. It is recommended that the proof contain a minimum set of fields including 'username', 'owner', 'email', and 'role'.
Continue creating your custom Hypersync app per the documentation and samples and upload your app using the latest CLI.
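A consistency check you can run over the two configuration files before uploading, written for this post as an added example and not part of the Hypersync SDK or CLI. The function name lintUarConfig is hypothetical, and the rule that a proof's schemaCategory must also be listed in package.json is an assumption of the example rather than something the steps above state.

```javascript
// Added example, not Hyperproof code. Category values named on this page:
const UAR = ["uarApplication", "uarDirectory"];

// Returns a list of problems; an empty list means the two files agree.
function lintUarConfig(pkg, proofTypes) {
  const problems = [];
  const app = pkg.app_hyperproof || {};
  // JSON keys are case-sensitive: flag spellings that differ from the sample's.
  for (const key of Object.keys(app)) {
    if (key.toLowerCase() === "schemacategories" && key !== "schemaCategories") {
      problems.push(`package.json: key "${key}" should be "schemaCategories"`);
    }
  }
  const declared = app.schemaCategories === undefined ? [] : app.schemaCategories;
  if (!Array.isArray(declared)) {
    return problems.concat("package.json: schemaCategories must be an array");
  }
  for (const value of declared) {
    if (!UAR.includes(value)) problems.push(`package.json: unknown category "${value}"`);
  }
  for (const [name, def] of Object.entries(proofTypes)) {
    if (name === "$schema" || !("schemaCategory" in Object(def))) continue;
    const cat = def.schemaCategory;
    if (typeof cat !== "string") {
      // The page allows only one schemaCategory per proof.
      problems.push(`${name}: schemaCategory must be a single string`);
    } else if (!UAR.includes(cat)) {
      problems.push(`${name}: unknown schemaCategory "${cat}"`);
    } else if (!declared.includes(cat)) {
      // Assumption of this example: the category must also be declared in package.json.
      problems.push(`${name}: "${cat}" is not declared in package.json`);
    }
  }
  return problems;
}

// Constructed inputs, trimmed from the samples on this page.
const goodPkg = { app_hyperproof: { schemaCategories: ["uarApplication", "uarDirectory"] } };
const goodProofs = {
  $schema: "https://cdn.jsdelivr.net/gh/Hyperproof/hypersync-sdk/schema/proofProviders.schema.json",
  userList: { label: "{{messages.PROOF_TYPE_USER_LIST}}", category: "users" },
  listOfUsersApplication: { label: "{{messages.PROOF_TYPE_USER_LIST}}", schemaCategory: "uarApplication" },
};
// Constructed broken variant: lower-case key, and a proof carrying two categories.
const badPkg = { app_hyperproof: { schemacategories: ["uarApplication"] } };
const badProofs = { listOfUsersApplication: { schemaCategory: ["uarApplication", "uarDirectory"] } };

console.log(lintUarConfig(goodPkg, goodProofs));
console.log(lintUarConfig(badPkg, badProofs));
```

To check your own app, parse package.json and proofTypes.json with JSON.parse and pass the two objects in.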
When attempting to upgrade existing custom Hypersyncs to use the schemaCategories for Access Review proof types, you must first delete the existing Hypersync using the CLI command 'hp customapps delete'. This ensures that the new schemaCategories definition is added to your Hypersync for Access Reviews.